Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE HEALTH MINISTER has described as “positive” the initial results from testing the validity of a decryption key that may help the HSE to unlock its IT systems.
The government said yesterday that the tool was made available online. A “detailed technical process” then began to ensure that the key is genuine and will not cause any further damage to the HSE systems.
The HSE shut down its IT systems last Friday after it became aware of a significant ransomware attack.
Stephen Donnelly said security contractors are “testing the validity of the key” at the moment.
“The initial results are positive, but obviously it’s a detailed, technical piece of work,” the Health Minister told RTÉ radio’s Morning Ireland.
And we need to be absolutely sure that this will help restore the health systems, rather than potentially cause further harm. So work is ongoing on that at the moment.
The minister said it’s “unclear” why this decryption tool was made available.
“It came as a surprise. We became aware yesterday afternoon that the key was being made available on a site which is linked to this criminal gang.
“Our technical group obviously then obtained that key, and are currently testing it.”
The Journal reported yesterday that the ransomware attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link.
Donnelly said “no ransom has been paid by this government directly, indirectly, through any third-party or in any other way, nor will any such ransom be paid”.
Reports said the hackers have threatened to release the data if a ransom is not paid by next Monday, a threat Donnelly said is being taken “very seriously”.
“There obviously have been redacted pieces of information put up on the dark web to this point. Because it’s an ongoing criminal investigation, we can’t confirm whether the records are genuine.
“However, as people will be aware. It is entirely possible and this sort of approach is quite standard procedure in these kinds of attacks.”
Injunction
Yesterday, the HSE acquired a court injunction that requires anyone who is possessing HSE data to hand it over and not disclose, trade or deal in the information.
Donnelly defended the injunction, saying officials received a “very positive and strong” result from the judge.
“I don’t imagine that a criminal gang capable of doing what they did to our healthcare system and to patients in our country are going to be too worried about a court order, however it is relevant and very applicable to people here who may seek to share that information themselves, potentially just out of interest or for their own reasons,” he said.
Donnelly added that there is “good progress being made” in restoring some health systems across services for radiology, local labs and patient administration.
To embed this post, copy the code below on your site
They paid the ransom only way to get the decryption key.
@Simon F: they will get to about 95% decrypted and then will need to pay another ransom for the last 5%.
I’m shocked but not surprised that this has happened. I’ve worked in government offices, IT security is a joke antivirus software poorly managed, Non patched outdated servers, and sub par firewall configuration. staff not trained in IT policies and procedures. I’ve worked in primary schools with better IT infrastructure and security.
@Simon F: and how do you know this? Recent similar events with hospital in Germany would suggest that the gang pulled back because of the. heat on them. But I guess facts are an annoyance.
My own theory is Russia has used it’s influence and will / is expecting a reciprocal gesture from Ireland during its tenure on the security council.
@Simon F: Not necessarily the case. There have been cases of hackers having a change of heart depending on who / what is affected.
I do however agree that the IT systems / management of most goverment agencies are a joke and I would have very little faith in any of them.
@Simon F: Don’t believe so, did similar last month to a major hospital in America. Negotiators told hackers that it was a hospital and they gave them the decryption key. This is bad press for them and they don’t want the pressure, when they realised it was a health care system they made the decryption key available. Personal data still out there though.
@Simon F: Or, perhaps the data has already been sold on the darknet, so the hackers got their money either way and shared the decryption because the data is already out in the wild…
@Stanley Marsh: ‘hackers having a change of heart’ ;-). hmm.
@Ger Murphy: Yup. What’s the bets the planning permission for the Russian Embassy gets aproved in the near future.
@Dave Hammond: Yeah i highly doubt a criminal organisation just gave up. And provided the key with such leverage, Maybe a deal was struck who knows.
@Simon F: This is not the only way of getting the decryption key; many times in the best gangs would release the Decryption key for free, this month alone a decryption key was released on the Tor Network. The gang have what they wanted personal health data, which could be dumped online or sold to health insurance companies.
They paid up….
@Tom Hickey: Unlikely, if the group are still threatening to release patient data on Monday. The decryption keys have been made available in other hospitals to get critical systems back up running, without any ransom being paid.
Wonder was a backdoor deal done to get the decryption key from the hackers.
@Michael Healy: I doubt we will ever know the answer
@Tony Lyons: as usual
@Michael Healy: Back door deal with the Russian embassy?
@Tony Lyons: eventually we will know. But yes they paid.
Why not try a reverse hack on them. Here is your bitcoin please click to open…. Hahaha you been h@¢ked
@Twitruser2021: I love this lol!
Unlocking it is all well and good, but they still have all our sensitive data and the Gov has done nothing to stop it being sold.
What can they do? These guys are untraceable and beyond the reach of our legal system. What it does highlight is that despite the vast sums annually pumped into the hse, they were horribly caught with their IT pants down. All staff should have been properly trained to address any anomolies that might arise and certainly should be doing forward.
@Adrian O’Donnell: well untraceable to us but not to our friends. We don’t have the capability the United States would have. They would know who is at it. But outside our borders means untouchable
@: Well they did get a court injunction yesterday which you might scoff at but what precisely would you have them do?
Even in summer a ground offensive into Russia would be a tough ask for Oglaigh na hEireann….
@: Oh no, some Russian hackers or someone bothered enough to go hunting on the darkweb will know that I got a mole removed in 2016 and broke my arm when I was 10!
Unless you’re a celebrity/public figure, you shouldn’t care. I doubt your neighbour is going to go on the darkweb to see about your GP check-up history.
@Johnny: And unlikely any celebrity / public figure would be going anywhere near the HSE.
Blackrock Clinic and the like more likely.
@Stanley Marsh:
Is Ireland the first country where the National healthcare system has been hacked? Obviously many private businesses have been. But a National healthcare system, how did the hackers, as sophisticated as they are, decided on Irelands healthcare system to exploit?
@John Egan: NHS had a major hack not so long ago no?
@John Egan: same ransom style hack by different means hit the NHS a year or 2 ago. This HSE one was a new method.
@Alan Watts: yeah, looked it up. 2017 was the last one (warnings of attempted attacks last year). US pipeline was hacked this year but is private company. Old operating systems WXP & Wserver2003 were High risk.
@John Egan: hopefully the nukes are unhackable
@Alan Watts: ha. Can see it now, Iranian nukes controlled by Windows 98
@John Egan: healthcare is a sector thats gets regularly targeted because govt have a lot of money at their disposal and can be embarrassed into actions – there are thousands of attacks on this scale daily – govt sectors – big business and orgs and then smaller `smes are all victims every single day – this one gets all the media coverage but in truth we are no different than every other country – the criminal gang are likely to give them a get out of jail key once they get paid – dont believe this nonsense about a ‘change of heart ‘ by the criminals – but don’t expect anyone to admit to paying ransoms either – they will either spend a lot of time and a lot more money or they will ‘arrange’ for a magic key to be given to them for free ;-) whatever you want to believe really
@Alan Watts: the NHS was infected during the global wannacry hack, but it was not the target!
Sinn Fein intervention … leave it to us … All sorted .
@Terry Cahill: Closed-Community Policing …’No-one will harass you anymore, walking the streets, and no anti-social behaviour will be tolerated …. including hacking’ :)
@Martin Galvin: No, you got it all wrong Paul rang them in return for his dad’s slot on the Journal this morning. That sorted it—Don’t laugh—He sorted out Greece’s problems. WeLL DIDN’T HE?
All the armchair experts out in full force, giving their expert opinions on how the ransom was paid.
If the same key is used for encryption and decryption, at some point it must have been on the computers in question to perform the encryption. With sufficient motivation and resources it’s entirely possible it could be recovered.
If a different key was used for encryption and decryption, public key cryptography is crackable by definition of how it works. The effort in doing so is what makes it unfeasible.
And in either or neither case, knowing part of the unencrypted contents (which the HSE would) would assist in cryptanalysis.
@Gerard:
any idea how long it can take to brute force a key?
@Gerard: the article says the hackers posted decryption key publicly on their website
@JMcB: my point is people are saying it’s not possible to recover such a key without the attackers. This is not true. And they also seem to know we paid the ransom, based on their own hunch.
It’s extremely expensive (computationally) but it can be done, unless you use a key as long as the data itself (a one-time pad)
Every other encryption method, including the ones we use to secure bank transactions, is vulnerable. We just trust that no attacker will be resourceful enough to be able to devote enough resources to decrypt it in any meaningful amount of time.
@Gerard: You’d need a supercomputer to do it and it could take a long time even at that…
Fair play to the hackers for giving us a decryption key FOC.
I wouldn’t be blaming the HSE staff … half of them wouldn’t know where the any key to continue is on the keyboard…
The more I hear about what our government does in relation to the mess created by hack, the more I get the impression that it is a bunch of clowns trying to run the circus. I see no end of this anytime soon.
So the kidnappers take your kid, demand a ransom, you refuse to pay, they let your kid go. I’ll call off Liam Neeson so
Its good news. If they paid they had to pay. Hard see any other reason.
A great bunch of lads these hackers, only having the bants
@Ronan Castled: what does that mean?
My opinion is as follows: The decryption key is capable of working but it also has a hidden switch to activate another dormant zero-day malware already in the systems that will do much more damage. Then the ransom demand will be multiple times the current ask of $20M. There can be no other explaination as to why the key was given for free. If the ransom had been paid then a similar key, without the hidden switch, would have been supplied. I sincerely hope I am wrong
@John Hagin Meade: Well, there can be another explanation, as groups like this have given decryption keys for free in the past to hospitals and other groups where people’s lives were at stake.
And your fantasy scenario makes no sense, as the data just ends up encrypted again, so the whole endeavor was pointless if it ends up back where it started. There is no such thing as “more damage”, it’s either encrypted or it isn’t. If they wanted more money, they can just ask for it the first time, rather than encrypting, then decrypting, then encrypting again. And putting in place daily backups of any critical data (rather than possibly weekly/monthly before), then a future encryption of the data would mean minimal disruption. Plus NetSec can be on higher alert and identify any vulnerabilities that lead to the initial access.
@Johnny: “There is no such thing as “more damage”
A malware routine to max-out components such as hard disks, CPU or memory modules to cause them to fail is one possibility. Another one is to have the hard disk reformatted when the PC’s are next restarted, such as after an update. While this would not affect the backups that are now being made it would render all the machines unusable and require a full reload/reinstallation of software which is very time consuming. Many years ago the formatting of the hard disk happened to my daughter’s computer due to a virus that only triggered on a Friday when the date was 26. Everything had to be restored. I don’t think these evil hackers will just go away quietly.
Ok so this really sums up the situation.
1 – HSE refuse/make no effort to ensure IT systems are secure despite repeated warning.
2 – HSE gets hit with ransomeware by Russian hackers
3 – HSE refuse to negociate with hackers
4 – Hackers release HSE data on the dark web, no answer from HSE
5 – Hackers give the HSE tool to decrypt data but are going to sell it online. HSE ignore them.
6 – HSE go to IRISH high court and get a court order forbidding anyone to handle the stolen data.
7 – HSE ignore hackers
Now the gas thing here about the court order is this. It won’t do a dam thing to stop the hackers but its an attempt to head off people sueing the HSE over the data breach. If you have the data on your laptop and see your information then its illegal and the HSE lawyers will come after you for having possession of the data. So if you were to take the HSE to counrt over the data breach then you cannot prove in court with 100% accuracy that your data was stolen.
Its like the HSE had a shed full of pigeons and left the door open and they are gonna sue anyone who is in possession of one of their pigeons. Even though they left the door open…..
Your welcome lads!!
The HSE just sent the hackers the link to the IRISH high court order. This was the reply for the hacker “?”
They still don’t get it. An Irish court order against a bunch of Russian hackers… pointless.
Thumbs up!
have your say